add type for probability mass functions, i.e. discrete probability distribution
authorhoelzl
Mon Oct 06 16:27:07 2014 +0200 (2014-10-06)
changeset 585875484f6079bcd
parent 58586 1b11669a5c66
child 58588 93d87fd1583d
add type for probability mass functions, i.e. discrete probability distribution
src/HOL/Probability/Complete_Measure.thy
src/HOL/Probability/Probability.thy
src/HOL/Probability/Probability_Mass_Function.thy
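--- a/src/HOL/Probability/Complete_Measure.thy	Mon Oct 06 13:42:48 2014 +0200
+++ b/src/HOL/Probability/Complete_Measure.thy	Mon Oct 06 16:27:07 2014 +0200
@@ -3,7 +3,7 @@
 *)
 
 theory Complete_Measure
-imports Bochner_Integration
+  imports Bochner_Integration Probability_Measure
 begin
 
 definition
@@ -314,4 +314,19 @@
   qed auto
 qed
 
+lemma (in prob_space) prob_space_completion: "prob_space (completion M)"
+  by (rule prob_spaceI) (simp add: emeasure_space_1)
+
+lemma null_sets_completionI: "N \<in> null_sets M \<Longrightarrow> N \<in> null_sets (completion M)"
+  by (auto simp: null_sets_def)
+
+lemma AE_completion: "(AE x in M. P x) \<Longrightarrow> (AE x in completion M. P x)"
+  unfolding eventually_ae_filter by (auto intro: null_sets_completionI)
+
+lemma null_sets_completion_iff: "N \<in> sets M \<Longrightarrow> N \<in> null_sets (completion M) \<longleftrightarrow> N \<in> null_sets M"
+  by (auto simp: null_sets_def)
+
+lemma AE_completion_iff: "{x\<in>space M. P x} \<in> sets M \<Longrightarrow> (AE x in M. P x) \<longleftrightarrow> (AE x in completion M. P x)"
+  by (simp add: AE_iff_null null_sets_completion_iff)
+
 end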
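Review bot: Complete_Measure picks up a dependency on Probability_Measure (line 1.8) for the sake of a single lemma. Of the five lemmas added in the second hunk, only `prob_space_completion` (line 1.16) is stated in the `prob_space` locale; the other four mention only `null_sets`, `AE` and `completion`. If the import graph allows it (not visible from this page), that one lemma could live in a theory that already sees both, which keeps the general measure theory free of the probability import. If the import stays, a comment above the lemma such as `(* Probability_Measure is imported only for prob_space_completion *)` would record why.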
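--- a/src/HOL/Probability/Probability.thy	Mon Oct 06 13:42:48 2014 +0200
+++ b/src/HOL/Probability/Probability.thy	Mon Oct 06 16:27:07 2014 +0200
@@ -7,6 +7,7 @@
   Projective_Limit
   Independent_Family
   Distributions
+  Probability_Mass_Function
 begin
 
 end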
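--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/HOL/Probability/Probability_Mass_Function.thy	Mon Oct 06 16:27:07 2014 +0200
@@ -0,0 +1,358 @@
+theory Probability_Mass_Function
+  imports Probability_Measure
+begin
+
+lemma sets_Pair: "{x} \<in> sets M1 \<Longrightarrow> {y} \<in> sets M2 \<Longrightarrow> {(x, y)} \<in> sets (M1 \<Otimes>\<^sub>M M2)"
+  using pair_measureI[of "{x}" M1 "{y}" M2] by simp
+
+lemma finite_subset_card:
+  assumes X: "infinite X" shows "\<exists>A\<subseteq>X. finite A \<and> card A = n"
+proof (induct n)
+  case (Suc n) then guess A .. note A = this
+  with X obtain x where "x \<in> X" "x \<notin> A"
+    by (metis subset_antisym subset_eq)
+  with A show ?case  
+    by (intro exI[of _ "insert x A"]) auto
+qed (simp cong: conj_cong)
+
+lemma (in prob_space) countable_support:
+  "countable {x. measure M {x} \<noteq> 0}"
+proof -
+  let ?m = "\<lambda>x. measure M {x}"
+  have *: "{x. ?m x \<noteq> 0} = (\<Union>n. {x. inverse (real (Suc n)) < ?m x})"
+    by (auto intro!: measure_nonneg reals_Archimedean order_le_neq_trans)
+  have **: "\<And>n. finite {x. inverse (Suc n) < ?m x}"
+  proof (rule ccontr)
+    fix n assume "infinite {x. inverse (Suc n) < ?m x}" (is "infinite ?X")
+    then obtain X where "finite X" "card X = Suc (Suc n)" "X \<subseteq> ?X"
+      by (metis finite_subset_card)
+    from this(3) have *: "\<And>x. x \<in> X \<Longrightarrow> 1 / Suc n \<le> ?m x" 
+      by (auto simp: inverse_eq_divide)
+    { fix x assume "x \<in> X"
+      from *[OF this] have "?m x \<noteq> 0" by auto
+      then have "{x} \<in> sets M" by (auto dest: measure_notin_sets) }
+    note singleton_sets = this
+    have "1 < (\<Sum>x\<in>X. 1 / Suc n)"
+      by (simp add: `card X = Suc (Suc n)` real_eq_of_nat[symmetric] real_of_nat_Suc)
+    also have "\<dots> \<le> (\<Sum>x\<in>X. ?m x)"
+      by (rule setsum_mono) fact
+    also have "\<dots> = measure M (\<Union>x\<in>X. {x})"
+      using singleton_sets `finite X`
+      by (intro finite_measure_finite_Union[symmetric]) (auto simp: disjoint_family_on_def)
+    finally show False
+      using prob_le_1[of "\<Union>x\<in>X. {x}"] by arith
+  qed
+  show ?thesis
+    unfolding * by (intro countable_UN countableI_type countable_finite[OF **])
+qed
+
+lemma measure_count_space: "measure (count_space A) X = (if X \<subseteq> A then card X else 0)"
+  unfolding measure_def
+  by (cases "finite X") (simp_all add: emeasure_notin_sets)
+
+typedef 'a pmf = "{M :: 'a measure. prob_space M \<and> sets M = UNIV \<and> (AE x in M. measure M {x} \<noteq> 0)}"
+  morphisms measure_pmf Abs_pmf
+  apply (intro exI[of _ "uniform_measure (count_space UNIV) {undefined}"])
+  apply (auto intro!: prob_space_uniform_measure simp: measure_count_space)
+  apply (subst uniform_measure_def)
+  apply (simp add: AE_density AE_count_space split: split_indicator)
+  done
+
+declare [[coercion measure_pmf]]
+
+lemma prob_space_measure_pmf: "prob_space (measure_pmf p)"
+  using pmf.measure_pmf[of p] by auto
+
+interpretation measure_pmf!: prob_space "measure_pmf M" for M
+  by (rule prob_space_measure_pmf)
+
+locale pmf_as_measure
+begin
+
+setup_lifting type_definition_pmf
+
+end
+
+context
+begin
+
+interpretation pmf_as_measure .
+
+lift_definition pmf :: "'a pmf \<Rightarrow> 'a \<Rightarrow> real" is "\<lambda>M x. measure M {x}" .
+
+lift_definition set_pmf :: "'a pmf \<Rightarrow> 'a set" is "\<lambda>M. {x. measure M {x} \<noteq> 0}" .
+
+lift_definition map_pmf :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a pmf \<Rightarrow> 'b pmf" is
+  "\<lambda>f M. distr M (count_space UNIV) f"
+proof safe
+  fix M and f :: "'a \<Rightarrow> 'b"
+  let ?D = "distr M (count_space UNIV) f"
+  assume "prob_space M" and [simp]: "sets M = UNIV" and ae: "AE x in M. measure M {x} \<noteq> 0"
+  interpret prob_space M by fact
+  from ae have "AE x in M. measure M (f -` {f x}) \<noteq> 0"
+  proof eventually_elim
+    fix x
+    have "measure M {x} \<le> measure M (f -` {f x})"
+      by (intro finite_measure_mono) auto
+    then show "measure M {x} \<noteq> 0 \<Longrightarrow> measure M (f -` {f x}) \<noteq> 0"
+      using measure_nonneg[of M "{x}"] by auto
+  qed
+  then show "AE x in ?D. measure ?D {x} \<noteq> 0"
+    by (simp add: AE_distr_iff measure_distr measurable_def)
+qed (auto simp: measurable_def prob_space.prob_space_distr)
+
+declare [[coercion set_pmf]]
+
+lemma countable_set_pmf: "countable (set_pmf p)"
+  by transfer (metis prob_space.countable_support)
+
+lemma sets_measure_pmf[simp]: "sets (measure_pmf p) = UNIV"
+  by transfer metis
+
+lemma space_measure_pmf[simp]: "space (measure_pmf p) = UNIV"
+  using sets_eq_imp_space_eq[of "measure_pmf p" "count_space UNIV"] by simp
+
+lemma measurable_pmf_measure1[simp]: "measurable (M :: 'a pmf) N = UNIV \<rightarrow> space N"
+  by (auto simp: measurable_def)
+
+lemma measurable_pmf_measure2[simp]: "measurable N (M :: 'a pmf) = measurable N (count_space UNIV)"
+  by (intro measurable_cong_sets) simp_all
+
+lemma pmf_positive: "x \<in> set_pmf p \<Longrightarrow> 0 < pmf p x"
+  by transfer (simp add: less_le measure_nonneg)
+
+lemma pmf_nonneg: "0 \<le> pmf p x"
+  by transfer (simp add: measure_nonneg)
+
+lemma emeasure_pmf_single:
+  fixes M :: "'a pmf"
+  shows "emeasure M {x} = pmf M x"
+  by transfer (simp add: finite_measure.emeasure_eq_measure[OF prob_space.finite_measure])
+
+lemma AE_measure_pmf: "AE x in (M::'a pmf). x \<in> M"
+  by transfer simp
+
+lemma emeasure_pmf_single_eq_zero_iff:
+  fixes M :: "'a pmf"
+  shows "emeasure M {y} = 0 \<longleftrightarrow> y \<notin> M"
+  by transfer (simp add: finite_measure.emeasure_eq_measure[OF prob_space.finite_measure])
+
+lemma AE_measure_pmf_iff: "(AE x in measure_pmf M. P x) \<longleftrightarrow> (\<forall>y\<in>M. P y)"
+proof -
+  { fix y assume y: "y \<in> M" and P: "AE x in M. P x" "\<not> P y"
+    with P have "AE x in M. x \<noteq> y"
+      by auto
+    with y have False
+      by (simp add: emeasure_pmf_single_eq_zero_iff AE_iff_measurable[OF _ refl]) }
+  then show ?thesis
+    using AE_measure_pmf[of M] by auto
+qed
+
+lemma measure_pmf_eq_density: "measure_pmf p = density (count_space UNIV) (pmf p)"
+proof (transfer, elim conjE)
+  fix M :: "'a measure" assume [simp]: "sets M = UNIV" and ae: "AE x in M. measure M {x} \<noteq> 0"
+  assume "prob_space M" then interpret prob_space M .
+  show "M = density (count_space UNIV) (\<lambda>x. ereal (measure M {x}))"
+  proof (rule measure_eqI)
+    fix A :: "'a set"
+    have "(\<integral>\<^sup>+ x. ereal (measure M {x}) * indicator A x \<partial>count_space UNIV) = 
+      (\<integral>\<^sup>+ x. emeasure M {x} * indicator (A \<inter> {x. measure M {x} \<noteq> 0}) x \<partial>count_space UNIV)"
+      by (auto intro!: nn_integral_cong simp: emeasure_eq_measure split: split_indicator)
+    also have "\<dots> = (\<integral>\<^sup>+ x. emeasure M {x} \<partial>count_space (A \<inter> {x. measure M {x} \<noteq> 0}))"
+      by (subst nn_integral_restrict_space[symmetric]) (auto simp: restrict_count_space)
+    also have "\<dots> = emeasure M (\<Union>x\<in>(A \<inter> {x. measure M {x} \<noteq> 0}). {x})"
+      by (intro emeasure_UN_countable[symmetric] countable_Int2 countable_support)
+         (auto simp: disjoint_family_on_def)
+    also have "\<dots> = emeasure M A"
+      using ae by (intro emeasure_eq_AE) auto
+    finally show " emeasure M A = emeasure (density (count_space UNIV) (\<lambda>x. ereal (measure M {x}))) A"
+      using emeasure_space_1 by (simp add: emeasure_density)
+  qed simp
+qed
+
+lemma set_pmf_not_empty: "set_pmf M \<noteq> {}"
+  using AE_measure_pmf[of M] by (intro notI) simp
+
+lemma set_pmf_iff: "x \<in> set_pmf M \<longleftrightarrow> pmf M x \<noteq> 0"
+  by transfer simp
+
+lemma emeasure_pmf: "emeasure (M::'a pmf) M = 1"
+proof -
+  have "emeasure (M::'a pmf) M = emeasure (M::'a pmf) (space M)"
+    by (intro emeasure_eq_AE) (simp_all add: AE_measure_pmf)
+  then show ?thesis
+    using measure_pmf.emeasure_space_1 by simp
+qed
+
+lemma map_pmf_id[simp]: "map_pmf id = id"
+  by (rule, transfer) (auto simp: emeasure_distr measurable_def intro!: measure_eqI)
+
+lemma map_pmf_compose: "map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g"
+  by (rule, transfer) (simp add: distr_distr[symmetric, where N="count_space UNIV"] measurable_def) 
+
+lemma map_pmf_cong:
+  assumes "p = q"
+  shows "(\<And>x. x \<in> set_pmf q \<Longrightarrow> f x = g x) \<Longrightarrow> map_pmf f p = map_pmf g q"
+  unfolding `p = q`[symmetric] measure_pmf_inject[symmetric] map_pmf.rep_eq
+  by (auto simp add: emeasure_distr AE_measure_pmf_iff intro!: emeasure_eq_AE measure_eqI)
+
+lemma pmf_set_map: 
+  fixes f :: "'a \<Rightarrow> 'b"
+  shows "set_pmf \<circ> map_pmf f = op ` f \<circ> set_pmf"
+proof (rule, transfer, clarsimp simp add: measure_distr measurable_def)
+  fix f :: "'a \<Rightarrow> 'b" and M :: "'a measure"
+  assume "prob_space M" and ae: "AE x in M. measure M {x} \<noteq> 0" and [simp]: "sets M = UNIV"
+  interpret prob_space M by fact
+  show "{x. measure M (f -` {x}) \<noteq> 0} = f ` {x. measure M {x} \<noteq> 0}"
+  proof safe
+    fix x assume "measure M (f -` {x}) \<noteq> 0"
+    moreover have "measure M (f -` {x}) = measure M {y. f y = x \<and> measure M {y} \<noteq> 0}"
+      using ae by (intro finite_measure_eq_AE) auto
+    ultimately have "{y. f y = x \<and> measure M {y} \<noteq> 0} \<noteq> {}"
+      by (metis measure_empty)
+    then show "x \<in> f ` {x. measure M {x} \<noteq> 0}"
+      by auto
+  next
+    fix x assume "measure M {x} \<noteq> 0"
+    then have "0 < measure M {x}"
+      using measure_nonneg[of M "{x}"] by auto
+    also have "measure M {x} \<le> measure M (f -` {f x})"
+      by (intro finite_measure_mono) auto
+    finally show "measure M (f -` {f x}) = 0 \<Longrightarrow> False"
+      by simp
+  qed
+qed
+
+context
+  fixes f :: "'a \<Rightarrow> real"
+  assumes nonneg: "\<And>x. 0 \<le> f x"
+  assumes prob: "(\<integral>\<^sup>+x. f x \<partial>count_space UNIV) = 1"
+begin
+
+lift_definition embed_pmf :: "'a pmf" is "density (count_space UNIV) (ereal \<circ> f)"
+proof (intro conjI)
+  have *[simp]: "\<And>x y. ereal (f y) * indicator {x} y = ereal (f x) * indicator {x} y"
+    by (simp split: split_indicator)
+  show "AE x in density (count_space UNIV) (ereal \<circ> f).
+    measure (density (count_space UNIV) (ereal \<circ> f)) {x} \<noteq> 0"
+    by (simp add: AE_density nonneg emeasure_density measure_def nn_integral_cmult_indicator)
+  show "prob_space (density (count_space UNIV) (ereal \<circ> f))"
+    by default (simp add: emeasure_density prob)
+qed simp
+
+lemma pmf_embed_pmf: "pmf embed_pmf x = f x"
+proof transfer
+  have *[simp]: "\<And>x y. ereal (f y) * indicator {x} y = ereal (f x) * indicator {x} y"
+    by (simp split: split_indicator)
+  fix x show "measure (density (count_space UNIV) (ereal \<circ> f)) {x} = f x"
+    by transfer (simp add: measure_def emeasure_density nn_integral_cmult_indicator nonneg)
+qed
+
+end
+
+lemma embed_pmf_transfer:
+  "rel_fun (eq_onp (\<lambda>f::'a \<Rightarrow> real. (\<forall>x. 0 \<le> f x) \<and> (\<integral>\<^sup>+x. ereal (f x) \<partial>count_space UNIV) = 1)) pmf_as_measure.cr_pmf (\<lambda>f. density (count_space UNIV) (ereal \<circ> f)) embed_pmf"
+  by (auto simp: rel_fun_def eq_onp_def embed_pmf.transfer)
+
+lemma td_pmf_embed_pmf:
+  "type_definition pmf embed_pmf {f::'a \<Rightarrow> real. (\<forall>x. 0 \<le> f x) \<and> (\<integral>\<^sup>+x. ereal (f x) \<partial>count_space UNIV) = 1}"
+  unfolding type_definition_def
+proof safe
+  fix p :: "'a pmf"
+  have "(\<integral>\<^sup>+ x. 1 \<partial>measure_pmf p) = 1"
+    using measure_pmf.emeasure_space_1[of p] by simp
+  then show *: "(\<integral>\<^sup>+ x. ereal (pmf p x) \<partial>count_space UNIV) = 1"
+    by (simp add: measure_pmf_eq_density nn_integral_density pmf_nonneg del: nn_integral_const)
+
+  show "embed_pmf (pmf p) = p"
+    by (intro measure_pmf_inject[THEN iffD1])
+       (simp add: * embed_pmf.rep_eq pmf_nonneg measure_pmf_eq_density[of p] comp_def)
+next
+  fix f :: "'a \<Rightarrow> real" assume "\<forall>x. 0 \<le> f x" "(\<integral>\<^sup>+x. f x \<partial>count_space UNIV) = 1"
+  then show "pmf (embed_pmf f) = f"
+    by (auto intro!: pmf_embed_pmf)
+qed (rule pmf_nonneg)
+
+end
+
+locale pmf_as_function
+begin
+
+setup_lifting td_pmf_embed_pmf
+
+end 
+
+(*
+
+definition
+  "rel_pmf P d1 d2 \<longleftrightarrow> (\<exists>p3. (\<forall>(x, y) \<in> set_pmf p3. P x y) \<and> map_pmf fst p3 = d1 \<and> map_pmf snd p3 = d2)"
+
+lift_definition pmf_join :: "real \<Rightarrow> 'a pmf \<Rightarrow> 'a pmf \<Rightarrow> 'a pmf" is
+  "\<lambda>p M1 M2. density (count_space UNIV) (\<lambda>x. p * measure M1 {x} + (1 - p) * measure M2 {x})"
+sorry
+
+lift_definition pmf_single :: "'a \<Rightarrow> 'a pmf" is
+  "\<lambda>x. uniform_measure (count_space UNIV) {x}"
+sorry
+
+bnf pmf: "'a pmf" map: map_pmf sets: set_pmf bd : "natLeq" rel: pmf_rel
+proof -
+  show "map_pmf id = id" by (rule map_pmf_id)
+  show "\<And>f g. map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g" by (rule map_pmf_compose) 
+  show "\<And>f g::'a \<Rightarrow> 'b. \<And>p. (\<And>x. x \<in> set_pmf p \<Longrightarrow> f x = g x) \<Longrightarrow> map_pmf f p = map_pmf g p"
+    by (intro map_pmg_cong refl)
+
+  show "\<And>f::'a \<Rightarrow> 'b. set_pmf \<circ> map_pmf f = op ` f \<circ> set_pmf"
+    by (rule pmf_set_map)
+
+  { fix p :: "'s pmf"
+    have "(card_of (set_pmf p), card_of (UNIV :: nat set)) \<in> ordLeq"
+      by (rule card_of_ordLeqI[where f="to_nat_on (set_pmf p)"])
+         (auto intro: countable_set_pmf inj_on_to_nat_on)
+    also have "(card_of (UNIV :: nat set), natLeq) \<in> ordLeq"
+      by (metis Field_natLeq card_of_least natLeq_Well_order)
+    finally show "(card_of (set_pmf p), natLeq) \<in> ordLeq" . }
+
+  show "\<And>R. pmf_rel R =
+         (BNF_Util.Grp {x. set_pmf x \<subseteq> {(x, y). R x y}} (map_pmf fst))\<inverse>\<inverse> OO
+         BNF_Util.Grp {x. set_pmf x \<subseteq> {(x, y). R x y}} (map_pmf snd)"
+     by (auto simp add: fun_eq_iff pmf_rel_def BNF_Util.Grp_def OO_def)
+
+  { let ?f = "map_pmf fst" and ?s = "map_pmf snd"
+    fix R :: "'a \<Rightarrow> 'b \<Rightarrow> bool" and A assume "\<And>x y. (x, y) \<in> set_pmf A \<Longrightarrow> R x y"
+    fix S :: "'b \<Rightarrow> 'c \<Rightarrow> bool" and B assume "\<And>y z. (y, z) \<in> set_pmf B \<Longrightarrow> S y z"
+    assume "?f B = ?s A"
+    have "\<exists>C. (\<forall>(x, z)\<in>set_pmf C. \<exists>y. R x y \<and> S y z) \<and> ?f C = ?f A \<and> ?s C = ?s B"
+      sorry }
+oops
+  then show "\<And>R::'a \<Rightarrow> 'b \<Rightarrow> bool. \<And>S::'b \<Rightarrow> 'c \<Rightarrow> bool. pmf_rel R OO pmf_rel S \<le> pmf_rel (R OO S)"
+      by (auto simp add: subset_eq pmf_rel_def fun_eq_iff OO_def Ball_def)
+qed (fact natLeq_card_order natLeq_cinfinite)+
+
+notepad
+begin
+  fix x y :: "nat \<Rightarrow> real"
+  def IJz \<equiv> "rec_nat ((0, 0), \<lambda>_. 0) (\<lambda>n ((I, J), z).
+    let a = x I - (\<Sum>j<J. z (I, j)) ; b = y J - (\<Sum>i<I. z (i, J)) in
+      ((if a \<le> b then I + 1 else I, if b \<le> a then J + 1 else J), z((I, J) := min a b)))"
+  def I == "fst \<circ> fst \<circ> IJz" def J == "snd \<circ> fst \<circ> IJz" def z == "snd \<circ> IJz"
+  let ?a = "\<lambda>n. x (I n) - (\<Sum>j<J n. z n (I n, j))" and ?b = "\<lambda>n. y (J n) - (\<Sum>i<I n. z n (i, J n))"
+  have IJz_0[simp]: "\<And>p. z 0 p = 0" "I 0 = 0" "J 0 = 0"
+    by (simp_all add: I_def J_def z_def IJz_def)
+  have z_Suc[simp]: "\<And>n. z (Suc n) = (z n)((I n, J n) := min (?a n) (?b n))"
+    by (simp add: z_def I_def J_def IJz_def Let_def split_beta)
+  have I_Suc[simp]: "\<And>n. I (Suc n) = (if ?a n \<le> ?b n then I n + 1 else I n)"
+    by (simp add: z_def I_def J_def IJz_def Let_def split_beta)
+  have J_Suc[simp]: "\<And>n. J (Suc n) = (if ?b n \<le> ?a n then J n + 1 else J n)"
+    by (simp add: z_def I_def J_def IJz_def Let_def split_beta)
+  
+  { fix N have "\<And>p. z N p \<noteq> 0 \<Longrightarrow> \<exists>n<N. p = (I n, J n)"
+      by (induct N) (auto simp add: less_Suc_eq split: split_if_asm) }
+  
+  { fix i n assume "i < I n"
+    then have "(\<Sum>j. z n (i, j)) = x i" 
+    oops
+*)
+
+end
+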
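Review bot: Lines 3.288–3.358 commit an unfinished BNF registration inside a `(* … *)` comment, so none of it is checked: two `lift_definition`s closed with `sorry`, an `oops` in the middle of the `bnf` proof, and a `notepad` that ends in `oops`. The draft has already drifted from the checked part of the theory: it defines `rel_pmf` while the `bnf` command and its proof use `pmf_rel` and `pmf_rel_def`, and it cites `map_pmg_cong` where the lemma above is `map_pmf_cong`. I would drop the block and leave a short marker such as `(* TODO: register 'a pmf as a BNF (map_pmf, set_pmf, rel_pmf); open: pmf_join, pmf_single, relator composition *)`, so that nobody later uncomments `sorry`-backed definitions as if they were proved. Separately, the new file starts directly with `theory` and has no header comment, and the `typedef` on line 3.56 would benefit from a short text explaining the three conditions placed on M.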